BLAHAJ
/
ccmdm-re
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
MDM ISA reversing of TI CC13xx/26xx chips
2 Commits 1 Branch 0 Tags 105 KiB
Assembly 54.6%
C 44.2%
Python 1.2%
Go to file
Triss 87d240ffa9 fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
.gitignore fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
README.md fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
analyze-asm.py fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
defs.h fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
defs.inc fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
enctable.txt stuff 2023-06-17 17:11:56 +02:00
isa.inc fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
nasm.sh fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
ops-sorted.txt stuff 2023-06-17 17:11:56 +02:00
rf_patch_mce_iqdump.c stuff 2023-06-17 17:11:56 +02:00
text.asm fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
text.hex stuff 2023-06-17 17:11:56 +02:00
text.lst fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00
text.s fix a few bugs, make a very rudimentary assembler 2023-06-17 18:55:20 +02:00

README.md

mdm isa reversing

It looks quite a lot like the "sensor controller" ISA but the details differ (more registers, different encoding, no pc-relative branches, fewer insns?).

disassembler

See analyze-asm.py. Needs a few tweaks to be usable as a standalone disassembler but it works.

documentation

instruction set (as of now):
    registers are 16-bit wide. notation is always "op src, dst".
    memory addressing is in 16-bit word units, never byte indexed.
    RAM/ROM and I/O buses are separate like in the 8080 or Z80.
    basically a babby's first 16bit machine one might find designed
    specifically for a uni course.

    alu reg, reg        alu=or/and/mov/add/sub/cmp
    alu imm, reg        imm is 5bit!

    btst imm, reg       bit test in reg. imm is a bit index
    bclr imm, reg       bit clear in reg

    shift reg, reg      shift=sl0(lsl)/sr0(lsr)/srx(asr)
    shift imm, reg      imm is 4bit

    lmd (reg), reg      load from ROM/RAM space
    lmd imm, reg        imm is 4bit? 7bit?
    lli imm, reg        load long immediate(?), imm is 10bit

    b<cc> abs           branch if conditioncode (eq/ne/mi/pl), abs is absolute addr
    jmp   abs
    jmp  (reg)
    jsr   abs
    loop  abs           loop instruction. r0 = loop counter, branch if r0 != 0

    rts                 return
    wait                wait for interrupt???

    input abs, reg      read from I/O space (absolute address)
    input (reg), reg    read from I/O space (register indirect)
    output reg, abs     write to I/O space
    output reg, (reg)   write to I/O space
    outclr abs          set I/O reg to 0?
    outset abs          set I/O reg to 0xffff??
    outbclr imm, abs    clear bit <imm> of I/O reg <abs>
    outbset imm, abs    set bit of I/O reg

reg encoding: 0XXXX  = rX (X=0..15)
              10000  = pc (alu srcop only)
              others = ?? (alu srcop only)

instruction set encoding maybe:
    instructions are always 16 bits wide

    000a aams ssss dddd     ALU op; a=op, m=mode (src 0=reg/1=imm), s=src, d=dst
        000 or
        001 and
        010 xor?        hypothetical
        011 tst?        hypothetical
        100 mov
        101 add
        110 sub
        111 cmp

    0010 a??? ssss dddd     bit op; a=op, ?=?, s=src(bitind imm), d=dst
         0010 btst
         1010 bclr
           ^ reg/imm? depending on placement, unify with aluop or shiftop
           is there a bset somewhere?

    0011 aaam ssss dddd     shift; a=op, m=reg/imm, s=src(bitind), d=dst
         000  sl0
         100  sr0
         110  srx
            others?

    0100 ccdd dddd dddd     b<cc> d=dstabs
         00 eq
         01 ne
         10 mi
         11 pl
       ^ maybe another cc bit?


    0110 aadd dddd dddd     jmpop; d=abs
         00 jmp
         01 jsr
         10 loop
         11 misc reg-indirect insns (see below)

    0110 1100 0000 dddd     jmp (d=reg)
              ^^^^ other ops?
  ? 0110 1101 ssss dddd ??  input (s=srcreg), d=dst     hypothetical
    0110 1110 dddd ssss     output s=src, (d=dstreg)
    0110 1111 ssss dddd     lmd (s=srcreg), d=dst       no store?

    0111 0000 0000 0000     rts
    0111 0001 0000 0000     wait
              ^^^^ ^^^^ lots of space here for other ops!
    0111 0010 dddd dddd     outclr d=dstabs
    0111 0011 dddd dddd     outset d=dstabs
    0111 1sss ssss dddd     lmd s=srcabs, d=dst         no store?
          ^^^ unsure of these (000 afaics)

    1000 ssss ssss dddd     input s=srcabs, d=dst
    1001 dddd dddd ssss     output s=srcreg, d=dstabs
    1010 dddd dddd ssss     outbclr s=srcbitindimm, d=dstabs
    1011 dddd dddd ssss     outbset s=srcbitindimm, d=dstabs

    11ss ssss ssss dddd     lli s=src(imm), d=dst

pseudo-ops:
    nop = or r0, r0